by oflor 1272 days ago
> This references the "fuzzing" infrastructure hosted by the Reproducible Builds project, and doesn't show "true" reproduction of binaries. It's designed to help us figure out where impurities occur in builds.

I think the "fuzzing" approach is actually the correct one. The fact that build systems are static does not improve reproducibility on its own, as the idea is that the packages could be built on different systems and result in the same binaries. If I built some Arch PKGBUILDs from the official community repo, I should still get the same binary, despite the fact that my machine has a different setup from the Arch project's own infra.